STEVE INSKEEP, HOST:
How secure is the power grid that delivers electricity to your home, maybe even is powering this signal right now to you? Federal authorities are trying to answer that question after last year's attacks on substations. Somebody shot up a substation in North Carolina and knocked out power to tens of thousands of people. Other attacks struck stations in the Pacific Northwest. This is just one of the threats on the mind of Puesh Kumar of the U.S. Department of Energy.
PUESH KUMAR: We're going to use all of this information to inform - how do we build a grid that is more resilient in the future? Because we recognize how important the availability of power and other sources of energy are to everyone across the country.
INSKEEP: I'm trying to think about what resiliency means from a layman's perspective. I suppose it could mean building a higher wall around your substation, so it can't quite so easily be attacked. But I guess it might also mean redundancy - right? - making sure that, if somebody does blow up a substation, there's another way to get power where it needs to go.
KUMAR: Absolutely. The reality is there's a lot of different substations. There's over 75,000 electric substations across the country. We need to take measures that look at the design of those specific substations, where they're geographically located. There are certainly mitigation measures, such as walls. In some cases, that works well. But in other cases, that could actually be - that might not work well, just from an engineering standpoint, where these substations are very high-voltage environments. There's a lot of heat.
INSKEEP: Oh, meaning if you physically wall it off and put a roof over it, it might create other problems - overheating or any number of other things.
KUMAR: You know, you have these transformers. These transformers are very large pieces of equipment, and, you know, you have to make sure that they can be cooled. What are those measures that would actually buy down the risk?
INSKEEP: I'm thinking about how these physical attacks on the grid only had a local effect, and I'm also thinking about the difficulty of taking down the entire grid physically. Russia has spent months in Ukraine attacking the power grid, and they've certainly done damage and shut out the lights from time to time, but they have not permanently taken down the power grid. Apparently, that's very hard. But is it possible that, through a cyberattack, someone could cause massive disruption through the power grid?
KUMAR: The U.S. electric grid is actually very resilient. And in many ways, given the sheer number of electric utilities we have in the United States - we have over 3,000 electric utilities. So it's a very complex electric grid that does take a lot of sophisticated hardware and software to make all of this work. With that said, we also have to take into account that the cyber-risks are increasing constantly because as we become more connected, more digitally controlled, that does introduce a cyber-risk that we have to start to manage.
INSKEEP: Are you surprised that there has not been an electrical grid equivalent of the attack on the Colonial Pipeline not so long ago, where hackers targeted a pipeline and shut it down for a period?
KUMAR: It certainly was a cyber incident, but it was also Colonial proactively shutting down their pipeline.
INSKEEP: I think you're reassuring me that the Colonial Pipeline incident wasn't quite as grave a threat as it seemed at the time, although it certainly was disruptive. But the question still stands - is it possible for a ransomware attacker or a foreign actor, like Russia, to seize some part of the electrical grid in that way or disrupt it?
KUMAR: We know that certain actors have an interest and capabilities that could impact portions of the energy sector. I wouldn't also downplay the Colonial incident because it did have an impact to the availability of fuel across the country, and therefore, we should be looking at how we ensure, really, the security and resilience of these systems as we see the cyberthreats continuing to grow exponentially.
INSKEEP: Is it possible there has not been a massively effective attack on the power grid because it is actually harder than it might seem?
KUMAR: We're seeing capabilities continue to increase, and so we have to make sure that we are ready before anything like that ever could happen. But this goes back to something you said earlier, Steve. How do we build in these systems with resiliency and redundancy in mind? How do we use engineering techniques to - if something does affect a portion of the electric grid, other portions don't go down as a result of that?
INSKEEP: Puesh Kumar is director of the Office of Cybersecurity, Energy Security and Emergency Response. Thanks so much.
KUMAR: Thanks so much, Steve. Transcript provided by NPR, Copyright NPR.